[Snort-users] packet crafting detection
skop at ...2175...
Thu Oct 11 04:30:06 EDT 2001
imho - this is where tcpdump command comes handly.
when i run snort to read this tcpdump file - nothing is detected BUT when i do tcpdump -r filename -vv - yet i can see that there is a few packet with same IP Id and this is with DF set.
as far as i know IP Id should be change for each connection with DF set.
can anyone correct me ?
Find out how companies are linking mobile users to the
enterprise with Visto.
More information about the Snort-users